Issued: 2023-07-06
Updated: 2023-07-06
RHBA-2023:3974 - Bug Fix Advisory
Synopsis
Update JBoss Web Server 5.7 for OpenShift images to fix python CVE-2023-24329
Type/Severity
Bug Fix Advisory
Topic
This erratum covers updates to the current Red Hat JBoss Web Server 5.7 for OpenShift images to fix python CVE-2023-24329.
Description
Red Hat xPaaS provides images for many of the Red Hat Middleware products that are available for use within the OpenShift Container Platform, a cloud Platform-as-a-Service (PaaS) for on-premise or private cloud deployments.
The current JBoss Web Server 5.7 for OpenShift images have been updated to fix python CVE-2023-24329.
Solution
To update to the latest JBoss Web Server 5.7.3 for OpenShift image on UBI8, perform the following steps to pull in the content:
1. On your master host(s), ensure that you are logged in to the command line interface as a cluster administrator or user who has project administrator access to the global "openshift" project:
$ oc login -u system:admin
2. Depending on the OpenJDK version in use, run the matching command to update the core JBoss Web Server 5.7 Tomcat 9 OpenShift image stream in the "openshift" project:
- For OpenJDK 8:
$ oc -n openshift import-image jboss-webserver57-openjdk8-tomcat9-openshift-ubi8:5.7.3
- For OpenJDK 11:
$ oc -n openshift import-image jboss-webserver57-openjdk11-tomcat9-openshift-ubi8:5.7.3
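After the import, a practitioner would confirm that the image stream tag now resolves to one of the digests this advisory publishes rather than to a stale copy. The script below is an added example and not part of the advisory; it embeds the x86_64 digests from this page and checks constructed sample image references against them offline. The `oc get istag ... -o jsonpath` command in the comment is how the live reference would be obtained on a cluster; it is not executed here.

```shell
#!/bin/sh
# Added example (not from the advisory): verify that an image reference carries
# a digest published in RHBA-2023:3974 for x86_64. Digests copied from the
# advisory's x86_64 list; the registry prefix below is an assumption.

ADVISORY_X86_64_DIGESTS="
sha256:25f6a298e4505c38e7220e8a654852de3822d40a99b5f47da657251f31c3ffc3
sha256:301b093ae4fbc18f7d9d11b803d9da4220dad4556202a8de2f04377ff87c2f4d
"

# Print the sha256 digest from a reference of the form repo@sha256:<64 hex>;
# prints nothing for tag-only references, which are not pinned at all.
digest_of() {
    printf '%s\n' "$1" | sed -n 's/.*@\(sha256:[0-9a-f]\{64\}\)$/\1/p'
}

# Return 0 when the reference's digest is in the advisory list, 1 otherwise.
digest_in_advisory() {
    d=$(digest_of "$1")
    [ -n "$d" ] || return 1
    for want in $ADVISORY_X86_64_DIGESTS; do
        [ "$d" = "$want" ] && return 0
    done
    return 1
}

# Report the result for one reference; exit status mirrors digest_in_advisory.
check_ref() {
    if digest_in_advisory "$1"; then
        echo "OK: $1 matches an advisory digest"
        return 0
    fi
    echo "MISMATCH: $1 is not a digest published in RHBA-2023:3974"
    return 1
}

# On a cluster the reference would come from the imported image stream tag:
#   oc -n openshift get istag jboss-webserver57-openjdk11-tomcat9-openshift-ubi8:5.7.3 \
#       -o jsonpath='{.image.dockerImageReference}'
# Constructed sample references standing in for that output:
PATCHED_REF="registry.redhat.io/jboss-webserver-5/jws57-openjdk11-openshift-rhel8@sha256:25f6a298e4505c38e7220e8a654852de3822d40a99b5f47da657251f31c3ffc3"
STALE_REF="registry.redhat.io/jboss-webserver-5/jws57-openjdk11-openshift-rhel8@sha256:0000000000000000000000000000000000000000000000000000000000000000"
TAG_ONLY_REF="registry.redhat.io/jboss-webserver-5/jws57-openjdk11-openshift-rhel8:5.7.3"

check_ref "$PATCHED_REF"
check_ref "$STALE_REF" || true     # expected to report MISMATCH
check_ref "$TAG_ONLY_REF" || true  # no digest at all: also MISMATCH
```

Run it against the output of the `oc get istag` command for whichever image stream you imported; a MISMATCH after a successful import usually means the tag still points at a cached older image and the import should be retried, or that the cluster mirrors from a registry whose content differs from Red Hat's.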
Affected Products
- Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
Fixes
- BZ - 2173917 - CVE-2023-24329 python: urllib.parse url blocklisting bypass
- CLOUD-4185 - [JWS57] Important - python: urllib.parse url blocklisting bypass (CVE-2023-24329)
CVEs
- CVE-2023-24329
ppc64le
- jboss-webserver-5/jws57-openjdk11-openshift-rhel8@sha256:16d8b125ad57847650b20bce1fac20a816faa21a4ec81627ef538279df9dba5e
s390x
- jboss-webserver-5/jws57-openjdk11-openshift-rhel8@sha256:65bbe93e4e0c580231c4bce480f98be3a39e74a178562072b60c4ad686c0e85e
x86_64
- jboss-webserver-5/jws57-openjdk11-openshift-rhel8@sha256:25f6a298e4505c38e7220e8a654852de3822d40a99b5f47da657251f31c3ffc3
- jboss-webserver-5/jws57-openjdk8-openshift-rhel8@sha256:301b093ae4fbc18f7d9d11b803d9da4220dad4556202a8de2f04377ff87c2f4d
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.